MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47f33e873c4f7d204bc53e4ceb6c1969e61f68833fd58ec1a8d611b482fc4a49. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 47f33e873c4f7d204bc53e4ceb6c1969e61f68833fd58ec1a8d611b482fc4a49
SHA3-384 hash: d60c9fb70436ad89865636ceb712cf203ef9c1682f0d4ca58ccf578b7b12ec151bf0472494518b323aa9f5be9bffc3c5
SHA1 hash: 55c3e4c6b31f50aa0646a6c34680cd3ba72aa13b
MD5 hash: 86bd84bf1741e91663c5625e8ff73e55
humanhash: cat-asparagus-quiet-oranges
File name:Payment_Advice pdf.tar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:579'443 bytes
First seen:2021-09-28 08:31:20 UTC
Last seen:Never
File type: tar
MIME type:application/x-rar
ssdeep 12288:Xhv+k7gcc4HpsAXpW0RwtFK83OQhuO2F3aHyNv0jt2Gjs2WAFa+:Xx+EdcUpE1UQUnVNv0jtxjNha+
TLSH T15EC4238181A9DBC604FEDFAA269D671C72A9074690373C1C245FBC4EC6F96FF7684106
Reporter cocaman
Tags:AgentTesla HSBC tar


Avatar
cocaman
Malicious email (T1566.001)
From: "HSBC Advising Service <advising.service@securemail-advising.hsbc.com>" (likely spoofed)
Received: "from securemail-advising.hsbc.com (unknown [103.133.109.71]) "
Date: "28 Sep 2021 01:30:13 -0700"
Subject: "Payment Advice - Advice Ref:[GLV924686601] / Priority payment / Customer Ref:[627201]"
Attachment: "Payment_Advice pdf.tar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
151
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/47f33e873c4f7d204bc53e4ceb6c1969e61f68833fd58ec1a8d611b482fc4a49/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-09-28 08:32:08 UTC
AV detection:
13 of 45 (28.89%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=i7zt5bz4j56sas6fhzgow3aznhtb62edh7ky5qni2yi3jax4jjeq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210928-kfas4sbcbn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/47f33e873c4f7d204bc53e4ceb6c1969e61f68833fd58ec1a8d611b482fc4a49

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

tar 47f33e873c4f7d204bc53e4ceb6c1969e61f68833fd58ec1a8d611b482fc4a49

(this sample)

AgentTesla

Executable exe 3db403fbe2dd969e2fc07bfdf1bcdcbd1429d9fb0cda0464f7ea6c59e21cc10e

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3db403fbe2dd969e2fc07bfdf1bcdcbd1429d9fb0cda0464f7ea6c59e21cc10e
  
Dropping
AgentTesla

Comments